Isolating the Ghost in the Machine: Unveiling Post Exploitation Threats

During the past year IR teams and security researchers around the world witnessed a rise in the use of legitimate tools and common scripts in malware and APT attacks. This talk will explore the presenters’ research that focused on automating the analysis of PowerShell and Macro/VBA/VBS attacks by building a heuristic-based compiler engine that determines whether a script is malicious or not.